Canada's cyber spies taking down sites as battle against COVID-19 fraud begins

As the fight continues to slow the spread of COVID-19, Canada's foreign signals intelligence agency is waging war against another type of virus: disinformation. 

The Communications Security Establishment says it's already taken down a number of fraudulent sites that have spoofed the Public Health Agency of Canada, Canada Revenue, and most recently, Canada Border Services Agency.

"We've taken down some COVID-related fake sites out there. We work with partners to do that type of thing. We're taking action," Scott Jones, head of the CSE's Canadian Centre for Cyber Security, told CBC News in an interview. 

According to the RCMP, which is tracking reported scams, in at least one case fraudsters posed as the Public Health Agency and told Canadians they had tested positive for COVID-19, then asked for credit card information for a prescription.

Criminals are also mimicking the federal government to send out coronavirus-themed phishing emails and malicious attachments, they said.

Jones said criminals and state actors will try to exploit the global anxiety over the COVID-19 pandemic. 

Tugging heartstrings with COVID-19 stories

"I've certainly seen that in some of these COVID spear-phishing attempts — it's to really tug on your heartstrings with somebody who had a death in the family, et cetera," he said.  

"They don't operate by the same ethics that the rest of us do."

Swindlers have tried to pitch miracle cures to treat or prevent coronavirus, while some private companies are offering faster testing when in fact only hospitals can perform the tests. In at least one case reported to the RCMP, criminals tried to sell a fake list of all the infected people in a neighbourhood.

Malicious actors will prey on anxiety: expert

Farhaan Ladhani, director of the Digital Public Square at the Munk School of Global Affairs, has been researching disinformation around the COVID-19 pandemic. 

Canadians are feeling fearful and stressed and those strong emotional responses can be exploited online, he said.

"Online communities are seeing higher and higher levels of participation as people seek information. All of this can combine with the potential for malicious actors to capitalize on a situation," Ladhani said. 

His team has sorted through more than 100,000 social media posts looking for common threads and is testing a public awarness campaign to help Canadians decipher fact from fiction.

Ladhani said some of the most common cases of disinformation are people believing healthy people should still wear a mask at all times, a myth that garlic can ward off infection and misleading reports that ultraviolet disinfection lamps can kill the virus.

"It's totally appropriate for people to be worried," he said, but urged people to look to reputable sources who have the most up-to-date information, including the World Health Organization and the government's own website. 

"They are available, but the challenge with that of course is that those types of resources don't typically find themselves high on the virality of the places where people are typically having conversations, like on social media," he said. 

Defence chief warns about cybersecurity

CSE's takedowns come on the heels of the country's top military commander warning that Canada's adversaries intend to exploit these uncertain times 

Gen. Jonathan Vance, the country's chief of the defence staff, said he's seen indications recently that Canada's adversaries intend to exploit the mounting anxiety about the global pandemic.

"There is absolutely going to be efforts on the part of state-sponsored and non-state-sponsored [actors] to try to make every step we take as a government, and indeed as allies, look bad," Vance told CBC News earlier this month.

The CSE also issued a targeted alert for the health-care sector late last week, amid concerns criminals and state actors will go after Canadian medical research labs and extract ransom payments from health providers.

The alert says organizations connected to COVID-19 response should increase their monitoring of network logs, remind employees to practice phishing awareness and ensure that servers and critical systems are updated.